Hamas is Using Apps for Social Engineering

We read regularly about the unrest between Hamas and Israel, most of which is taking place along the border separating Israel from the West Bank and Gaza. What we haven’t read a lot about is the social engineering effort coming out of Hamas targeting Israeli military personnel.

Hamas is the largest of several Palestinian militant Islamist groups. While no one will accuse Hamas of being original in concept, others have created fake personas to entice individuals to engage. The 2010 Robin Sage con comes immediately to mind. And there are a plethora of examples of phony LinkedIn and Facebook personas which have been created to engage various target sets, all with the intent to elicit personal and professional information.

What makes the Hamas effort unique is they went well beyond the creation of fictious personas; they took a page right out of the North Korean online handbook and created applications (apps) specifically targeted at the Israeli soldier. Using the reach of Facebook and WhatsApp, they promoted their apps to “commercially” targeted audiences using the apps’ own tools.

Hamas World Cup / Gold Cup App

The Israeli Defence Forces (IDF) tell us that the “Gold Cup” app was created by Hamas. It was a fully functional app which provided timely updates of World Cup scores and stats. A senior IDF officer is quoted, “It actually was a very good one.”

Hamas Fake Dating Apps

The IDF also identified two data apps targeting Israeli military personnel. GlanceLove was advertised as “the best choice for new lovers who care about their privacy and safety.”

WinkChat was billed as an app “that lets you poke everyone at everywhere whom in your friends list and to be at contact with them in a romance feelings… (SIC)”

The reality is that, once downloaded, the apps allowed Hamas to geolocate the individual, access the user’s data on their phone and operate it remotely.

The standard fake profiles, using model photos on various social networks, including Facebook, continue to be used to engage Israeli military personnel. Once engaged, the elicitation begins, followed by the provision of a payload via a link to compromise the user’s device.

The Good News?

The Israeli government advises that fewer than 100 soldiers fell for the dating apps; no number was given for the number associated with the World Cup app.

The apps were available via Google Play, and have now been removed.

The Not-So-Good News

Going forward, apps associated with reality television programs, global and local events will all be suspect – are they real, or are they Hamas?

Is This Something Businesses Need to Worry About?

We see with great regularity the unscrupulous competitor targeting the intellectual property of their competition or attempting to elicit information from a well-placed insider.

We also see criminals engage both physically and via the cyber domain – given the talent available, creating apps designed to steal and/or provide the creator a window into a competitor’s personnel is not a stretch for them.

While the Hamas effort was clearly geopolitically inspired, it is easy to see how these techniques can transfer to the competitive trenches of commerce. The public perception that the security checks provided by Google and Apple prior to allowing apps into their stores is comprehensive, is now cast into question.

Users and companies alike need to stay on top of what they are downloading onto their devices and giving access to sensitive information, and to wherever possible do a deep dive into the mechanics of allowed apps, which probably should exclude dating apps.

Share It:

About The Author

Christopher Burgess

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).

The opinions expressed in guest author articles are solely those of the contributor, and do not necessarily reflect those of Cylance.